January 17, 2018

XMAS Is Prime Time For System Crackers

Christmas is the season of fun and festivities around the world. It is also the optimal time for hackers and other underhanded profit seekers to break into systems or launch distributed denial of service (DDoS) attacks against companies small and large, crippling their ability to sell their products online. Most of the reasons for doing it may seem quite straightforward. Some reasons, however, require a bit more elaboration and investigation.

One reason that Christmas is so popular with hackers is that everyone is too busy enjoying the holidays. In the run up to Christmas, the virtual tills will be full not of cash but of people's identities in the form of delivery addresses, birth dates, and the like. In poorly designed online stores, plain text or weakly encrypted credit card numbers are there for the taking, too.

To compound the issue, the holidays, and specifically Christmas Day and New Year's Day, are the time when not only will the IT staff be operating with a skeleton crew, but those folks manning the station are likely to be more interested in festivities and merriment than combing through logs or staring at screens.

This gives the hackers carte blanche against a victim with a larger window of time whilst enjoying less scrutiny than if it were 8 pm on a Wednesday evening. Even then, some staff may not hear or understand the alarms. This was one of the missed chances Home Depot had to stop the recent massive credit card breach; warning alarms are only useful if people acknowledge and act on them. Home Depot had anti-data-exfiltration software, and it was sending out hundreds of alarms during the period the compromise existed, but no one knew what to do with them. This also points to a lack of appropriate training in using the application.

The other, newer and perhaps more unreasonable motive for choosing Christmas is virtual blackmail. It is widely reckoned that up to a quarter of retail stores make the money that keeps them going for the entire year during the Christmas period. This means any disruption to the influx of purchases has a devastating effect on the bottom line of the company and its viability.

Smaller companies may choose to pay off the attackers on the basis that it is simply easier than trying to mitigate huge DDoS attacks or, even worse, having to move infrastructure or add bandwidth when just about everyone is off for the holiday. In recent times, DDoS attacks frequently weigh in at server-crushing volumes of over 20 Gbit/s of network traffic, which is easily enough to swamp most hosts.

The same issues apply to the mega corporations, too. This week we have seen devastating attacks on both the Sony PlayStation Network and the Xbox Live network. These debilitating attacks were designed to cause maximum damage on one of the most important days of the console vendors' year, Christmas Day.

The difference, however, was that the Sony and Xbox network DDoS activities did not appear to be financially motivated (at least, not directly). They were aimed more at simply causing as much unhappiness as possible and gaining notoriety. "The Lizard Squad" claimed responsibility for both of the prolonged outages.

It is telling that the attacks apparently stopped when the infamous Kim Dotcom stepped in and offered 300 free lifetime accounts on his encrypted anonymous service. The real motives for the attack have, however, only just become clear: they were a "customer demonstration" of a new pay-by-the-second DDoS tool. It is worth noting that any DDoS with the power to knock both the Sony and Microsoft console networks out simultaneously is not a tool to be trivialized.

Finally, there are a limited number of options for people on the receiving end of these sorts of attacks. The most basic advice is to remain as vigilant as possible during these times, and if you use DLP (Data Loss Prevention) tools, ensure that your staff understand how to use them.

Mitigating DDoS attacks is a bit harder. The best advice for avoiding these is to work with a company such as CloudFlare that has a well-documented history of mitigating attacks as well as the capacity to overcome the attacks.